<p>When relying on the password authentication mode for the database connection, a secure password should be chosen.</p>
<p>This rule raises an issue when an empty password is used.</p>
<h2>Noncompliant Code Example</h2>
<pre>
Connection conn = DriverManager.getConnection("jdbc:derby:memory:myDB;create=true", "login", "");
</pre>
<h2>Compliant Solution</h2>
<pre>
String password = System.getProperty("database.password");
Connection conn = DriverManager.getConnection("jdbc:derby:memory:myDB;create=true", "login", password);
</pre>
<h2>See</h2>
<ul>
  <li> <a href="https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/">OWASP Top 10 2021 Category A7</a> - Identification and
  Authentication Failures </li>
  <li> <a href="https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html">OWASP Top 10 2017 Category A2</a> - Broken
  Authentication </li>
  <li> <a href="https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure">OWASP Top 10 2017 Category A3</a> - Sensitive Data
  Exposure </li>
  <li> <a href="https://cwe.mitre.org/data/definitions/521.html">MITRE, CWE-521</a> - Weak Password Requirements </li>
</ul>

